update version number for patch release today

[gssapi-openssh.git] / openssh / sshd.c

diff --git a/openssh/sshd.c b/openssh/sshd.c
index 5db24fdd9336c11d0e1a38ffe6cdfb2b0f93403f..12000b1bf5a625add52e281b2c3b878b75aaa4c9 100644 (file)
--- a/openssh/sshd.c
+++ b/openssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.366 2009/01/22 10:02:34 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.367 2009/05/28 16:50:16 andreas Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -117,6 +117,7 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
+#include "roaming.h"
 #include "version.h"
 
 #ifdef USE_SECURITY_SESSION_API
@@ -426,7 +427,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
        server_version_string = xstrdup(buf);
 
        /* Send our protocol version identification. */
-       if (atomicio(vwrite, sock_out, server_version_string,
+       if (roaming_atomicio(vwrite, sock_out, server_version_string,
            strlen(server_version_string))
            != strlen(server_version_string)) {
                logit("Could not write ident string to %s", get_remote_ipaddr());
@@ -436,7 +437,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
        /* Read other sides version identification. */
        memset(buf, 0, sizeof(buf));
        for (i = 0; i < sizeof(buf) - 1; i++) {
-               if (atomicio(read, sock_in, &buf[i], 1) != 1) {
+               if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
                        logit("Did not receive identification string from %s",
                            get_remote_ipaddr());
                        cleanup_exit(255);
@@ -587,7 +588,7 @@ demote_sensitive_data(void)
 static void
 privsep_preauth_child(void)
 {
-       u_int32_t rnd[256];
+       u_int32_t rnd[256];
        gid_t gidset[1];
 
        /* Enable challenge-response authentication for privilege separation */
@@ -1800,6 +1801,9 @@ main(int ac, char **av)
                cleanup_exit(255);
        }
 
+       /* set the HPN options for the child */
+       channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+
        /*
         * We use get_canonical_hostname with usedns = 0 instead of
         * get_remote_ipaddr here so IP options will be checked.
@@ -1891,9 +1895,6 @@ main(int ac, char **av)
        }
 #endif
 
-       /* set the HPN options for the child */
-       channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
-
        /*
         * We don't want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
@@ -2326,7 +2327,6 @@ do_ssh2_kex(void)
        }
 #endif
 
-       /* start key exchange */
        /* start key exchange */
        kex = kex_setup(myproposal);
        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
@@ -2334,9 +2334,11 @@ do_ssh2_kex(void)
        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 #ifdef GSSAPI
-       kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-       kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
-       kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+       if (options.gss_keyex) {
+               kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+               kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
+               kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
+       }
 #endif
        kex->server = 1;
        kex->client_version_string=client_version_string;